I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
awffelwaffels via tor-relays:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
You could mail the bad-relays mailing list with your findings, so the bad-relays team can investigate further.
Sure, I mean it's bad traffic not bad relays but sure.
------- Original Message -------
On Thursday, March 3rd, 2022 at 10:10 PM, Georg Koppen gk@torproject.org wrote:
awffelwaffels via tor-relays:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
You could mail the bad-relays mailing list with your findings, so the
bad-relays team can investigate further.
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi
On 3/3/22 21:12, awffelwaffels via tor-relays wrote: [..] ffelwaffels via tor-relays:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
[..]
Do you mean behavior like the following?
Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6 Cross-check: https://mcp.loki.tel/munin/par.exit.tor.loki.tel/12.par.exit.tor.loki.tel/to...
Feb. 25-26.: FDAA4F76F778215F02B0B02DCE8E8504179BCDC6 Cross-check: https://mcp.loki.tel/munin/vie.exit.tor.loki.tel/04.vie.exit.tor.loki.tel/to...
I am not sure about this either. But I can't confirm this increase in my Munin graphs or on the server itself.
-- Martin
Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list? Thanks for the help.
Eldalië
On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays tor-relays@lists.torproject.org wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
Eldalië via tor-relays:
Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list?
No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See:
https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40...
for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it.
Georg
Thanks for the help.
Eldalië
On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays tor-relays@lists.torproject.org wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thanks very much. The anomalous peaks disappeared for most of the days indeed, it remained only for 26/02.
Eldalië
On Fri, 4 Mar 2022 07:26:26 +0000 Georg Koppen gk@torproject.org wrote:
Eldalië via tor-relays:
Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list?
No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See:
https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40...
for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it.
Georg
Thanks for the help.
Eldalië
On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays tor-relays@lists.torproject.org wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 4/3/22 11:40, Eldalië via tor-relays wrote:
Thanks very much. The anomalous peaks disappeared for most of the days indeed, it remained only for 26/02.
Yes, working to fix the bump for 26/02.
-hiro
Eldalië
On Fri, 4 Mar 2022 07:26:26 +0000 Georg Koppen gk@torproject.org wrote:
Eldalië via tor-relays:
Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list?
No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See:
https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40...
for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it.
Georg
Thanks for the help.
Eldalië
On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays tor-relays@lists.torproject.org wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi all,
I can now confirm the data has been restored and no relay or bridge should exhibit any bump in traffic due to this but.
Cheers,
-hiro
On 4/3/22 15:11, Silvia/Hiro wrote:
On 4/3/22 11:40, Eldalië via tor-relays wrote:
Thanks very much. The anomalous peaks disappeared for most of the days indeed, it remained only for 26/02.
Yes, working to fix the bump for 26/02.
-hiro
Eldalië
On Fri, 4 Mar 2022 07:26:26 +0000 Georg Koppen gk@torproject.org wrote:
Eldalië via tor-relays:
Hello there.
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability.
I just checked the metrics page for the relay I operate (791E637A38C715336290E8AC0EB6C99BD02A5F0E) and I noticed a bump similar to the one from FDAA4F76F778215F02B0B02DCE8E8504179BCDC6. However, my relay is not and has never been an exit relay. Also, it looks like the data changed retroactively: I usually check the metrics about once a day and I'm sure I would have noticed the peak of 26/02 the day after - I mean, it is a more than x3 increment from the day before (that also had the highest value ever until then). Should I worry about that? And should I report my own relay to the bad-relays mailing list?
No, it's fine. I am not sure yet what the problem is but I suspect it's a bug in one of our recent code changes. See:
https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40...
for more details. We've reverted that change for now and things should normalize again assuming the traffic increase you see is indeed related to it.
Georg
Thanks for the help.
Eldalië
On Thu, 03 Mar 2022 19:01:37 +0000 awffelwaffels via tor-relays tor-relays@lists.torproject.org wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 3/3/22 20:01, awffelwaffels via tor-relays wrote:
I see on every exit node I check on the metrics page, a massive bump in bandwidth used without a change in exit probability. Is this perhaps an attacker squeezing the bandwidth of the network so people are more likely to use their malicious nodes?
Hi,
This was a bug that was briefly introduced between yesterday afternoon and early morning today (UTC times). I have reverted the commit this morning around 5.00 AM (UTC) so you should start seeing your graphs back to normal.
Thanks for noticing and apologies for that.
Cheers,
-hiro
tor-relays@lists.torproject.org
-
awffelwaffels -
Eldalië -
Georg Koppen -
Martin Gebhardt -
Silvia/Hiro